WhatsApp is one of the chat apps available on iPhone and Android that offers end-to-end encryption. That means that all instant messages, voice calls, and video calls are protected from snooping. Only the parties involved in a chat have access to the messages and contents exchanged on the platform. But WhatsApp backups are not encrypted with the same strong security.
WhatsApp users can back up their data and store it on clouds that don’t belong to Facebook. But anyone with access to them can also access the contents. At least, that used to be the case. Facebook has rolled out end-to-end encryption for WhatsApp backups. The feature adds another layer of privacy and security to your instant messaging experience.
WhatsApp started testing backup encryption a few weeks ago on Android. Like all new WhatsApp features, the backup encryption support leaked, as testers could take advantage of it.
Facebook on Friday rolled out end-to-end encryption to all WhatsApp backups, which means all WhatsApp users can take advantage of it.
Facebook explains that WhatsApp users can already back up their WhatsApp chats to Google Drive and iCloud. WhatsApp doesn’t have access to the backups, and the cloud storage provider handles the data security.
How WhatsApp end-to-end encrypted backups work
End-to-end encrypted backups will make it impossible for backup service providers to access the backups. That is, unless they or any third party obtain a password or a 64-digit encryption key that can decrypt the WhatsApp encrypted backup.
In other words, the WhatsApp users who choose to take advantage of end-to-end encrypted backups will have to remember the password or the 64-digit key. Losing that information means the backups will remain inaccessible for good. Facebook won’t be able to decrypt them.
A “unique, randomly generated encryption key” will protect each WhatsApp encrypted backup.
Facebook explains in the post that if you choose a password for your backups’ encryption key, WhatsApp will store the key in a Backup Key Vault called a hardware security module (HSM) that Facebook manages. The HSM storage is unlocked only when the correct password is used in WhatsApp. This will make it possible to encrypt and decrypt backups.
The HSM Backup Key Vaults will sit on Facebook servers internationally, across multiple data centers. That way, they’re always available if a data center goes offline.
Users will continue to store the backups on their preferred storage location. But the files will be end-to-end encrypted. Should anyone find these backups on iCloud or Google Drive, they won’t be able to read the contents like before.
If someone attempts to guess the password, Facebook’s HSM storage associated with that backup will become inaccessible.
The WhatsApp encrypted backups will work on both iPhone and Android and start rolling out in the coming days. Facebook’s full post that explains the tech behind WhatsApp encrypted backups is available at this link.